Bug#604198: marked as done (broken by CVE-2010-3864 patch in openssl)

[Debian Bug Tracking System]

Your message dated Mon, 22 Nov 2010 09:02:10 +0000
with message-id <e1pkshq-0003k4...@franck.debian.org>
and subject line Bug#604198: fixed in tor 0.2.2.18-alpha-2
has caused the Debian Bug report #604198,
regarding broken by CVE-2010-3864 patch in openssl
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
604198: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604198
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: tor
Severity: grave
Version: 0.2.1.26-1

The most recently uploaded openssl package contains a fix for
CVE-2010-3864, the libssl threading vulnerability (re #603709).

Unfortunately that patch breaks Tor relays on renegotiation again.

The Tor people are working on a workaround for that.

Cheers,
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

--- End Message ---

--- Begin Message ---

Source: tor
Source-Version: 0.2.2.18-alpha-2

We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive:

tor-dbg_0.2.2.18-alpha-2_i386.deb
  to main/t/tor/tor-dbg_0.2.2.18-alpha-2_i386.deb
tor-geoipdb_0.2.2.18-alpha-2_all.deb
  to main/t/tor/tor-geoipdb_0.2.2.18-alpha-2_all.deb
tor_0.2.2.18-alpha-2.diff.gz
  to main/t/tor/tor_0.2.2.18-alpha-2.diff.gz
tor_0.2.2.18-alpha-2.dsc
  to main/t/tor/tor_0.2.2.18-alpha-2.dsc
tor_0.2.2.18-alpha-2_i386.deb
  to main/t/tor/tor_0.2.2.18-alpha-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 604...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Palfrader <wea...@debian.org> (supplier of updated tor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 21 Nov 2010 23:39:32 +0100
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all i386
Version: 0.2.2.18-alpha-2
Distribution: experimental
Urgency: low
Maintainer: Peter Palfrader <wea...@debian.org>
Changed-By: Peter Palfrader <wea...@debian.org>
Description: 
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Closes: 604198
Changes: 
 tor (0.2.2.18-alpha-2) experimental; urgency=low
 .
   * If we overwrite src/or/micro-revision.i in during build,
     clean it out in the clean target.
   * Add debian/patches/15_tlsext_host_name: Work around change in libssl0.9.8
     (0.9.8g-15+lenny9 and 0.9.8o-3), taken from 0.2.1.27 (closes: #604198):
     .
     Do not set the tlsext_host_name extension on server SSL objects; only on
     client SSL objects.  We set it to immitate a browser, not a vhosting
     server. This resolves an incompatibility with openssl 0.9.8p and openssl
     1.0.0b.  Fixes bug 2204; bugfix on 0.2.1.1-alpha.
Checksums-Sha1: 
 1a0a75f687283ebe38c8fc3f0939bf0b5cd5f9c5 1487 tor_0.2.2.18-alpha-2.dsc
 ff814cc2c8396d1d601df977964a3c6ea5afc4e7 30248 tor_0.2.2.18-alpha-2.diff.gz
 5a481c6f703efdc54815e0573c5fafb11d49c7e2 1095866 
tor-geoipdb_0.2.2.18-alpha-2_all.deb
 40277d64d9d6b21b0d9a739fe949ed099d9637fa 1000862 tor_0.2.2.18-alpha-2_i386.deb
 3f936d98a165bc2e6b7786644d4bd58e0abb3faa 1078932 
tor-dbg_0.2.2.18-alpha-2_i386.deb
Checksums-Sha256: 
 72a49ee2738c75108cf8fe3ca57618f77d6693257cab310305fda8dbd3b614ab 1487 
tor_0.2.2.18-alpha-2.dsc
 7cb7671ff4005d72d1d17585d2e5e09b6d89f96a83fbe9bb500d9fb8d62f0e32 30248 
tor_0.2.2.18-alpha-2.diff.gz
 249fbcaa89dbad4903c9afc0c15ecb3e09bb8df5a788cdde781b406432d69441 1095866 
tor-geoipdb_0.2.2.18-alpha-2_all.deb
 bd52c1c7496f63709c6eb53c2e5602c02fd3773a9314a5926fab8f33dd2dc589 1000862 
tor_0.2.2.18-alpha-2_i386.deb
 c831c63d76298d010390ac8e1b53acc1bd77dbfb017ec2780340e87ec339af7e 1078932 
tor-dbg_0.2.2.18-alpha-2_i386.deb
Files: 
 76d2a491d4d58c770a3dab03690162ef 1487 net optional tor_0.2.2.18-alpha-2.dsc
 1d1c90792c554655c13e8a4668ae997f 30248 net optional 
tor_0.2.2.18-alpha-2.diff.gz
 70f9b6c079a36b40307d9dc3a5bb2ef6 1095866 net extra 
tor-geoipdb_0.2.2.18-alpha-2_all.deb
 9c4871141500f871a95d737240f02e86 1000862 net optional 
tor_0.2.2.18-alpha-2_i386.deb
 64977a3038bbf159d29b5fda74432e70 1078932 debug extra 
tor-dbg_0.2.2.18-alpha-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJM6ibYAAoJEDTSCgbh3sV3PCoH/28TkN3PHzlRc2nDi4MKPgLG
C9xNBXNe9Hnwsw6P+qMBzZZMAeq6fpgeP0L6WeTFoMq8OwrVyzkVt8ZcHH2vLkFX
UOZ7vUzG1eaWtBbydARxrbQJe1RCcf8wrodRgdqjAYuznpkeQjkaUo8RDhlNrKDB
gAqNZlrceDBFrsaa7hUdj6Wcz+SgLaP4UDkuLCqxRs9NgLl4qqdaC3Afpj0LpEmo
qlMQiDdE1FKuk3ML+ZN/kKz+fNe7fMg77BBLsUJDe6PaRZiI9urr3WmdBw8fsn6y
no21uJGniyzss+/CNKAW4ItRQ4XvQIioWT23SjxXe23zxXiUKrQAHXaJ7eVYjaM=
=FFrO
-----END PGP SIGNATURE-----

--- End Message ---